Version 95 (modified by kopal, 16 months ago) (diff)


Open tasks

This page lists open tasks which can be performed by students with no previous experience with CrypTool 2 (CT2). The proposed tasks are grouped into the following categories:

  • Thesis -- tasks which may be suitable for a bachelor, master or diploma thesis.
  • Project -- tasks which probably require an effort of a couple of weeks, but which do not qualify as a thesis topic. Tasks may be combined to a single project if one task proves to be less comprehensive than expected.

Note: The grouping is a rough estimation to collect ideas. Before assigning a task it's the tutor's duty to verify whether the task actually is suitable for the student. For all tasks the CT2 team has more detailed information if a student or an advisor from another university is interested to take over a task. Writing a thesis includes the online help in CT2 (at minimum English) and templates for CT2.


  1. Implement a Framework for Symmetric Cryptanalysis in CT2: This includes
    • Attacking Key Schedule of Stream- and Blockciphers
    • Slide Attacks on Blockciphers (at least against all general Feistel type ciphers and Treyfer)
    • How should such a framework be designed to fit into CT2 and to enable other developers to easily add further attack plugins?
  2. Modern Cryptanalysis: Visualization of Differential Cryptanalysis of SDES and FEAL
  3. Modern Cryptanalysis: Visualization of Linear Cryptanalysis of SDES and FEAL
  4. Modern Cryptanalysis: Visualization of Slide Attack on SDES and FEAL
  5. Integer Linear Programming (ILinProg)
    • After creating a model for symmetric cryptanalysis and transfering it
  6. Breaking MD4 On-the-fly
  7. Implement SAT Cryptanalysis
    • Exhaustive pre-work exists (Brandi)
  1. Breaking RSA OAEP with Manger’s attack
  1. Implement Cryptanalysis of Visual Cryptography
    • Involve Nüsken (Schülerkrypto Bonn) for further material on that topic
  2. Implement Visual Cryptanalysis: Cipher Dags (Bernstein)
  3. Implement Quantum Algorithms from NIST Competition (Valence, Schrottenloher, Brands, ...)
  4. Implement Attack on ElsieFour (start with reduced version)
  5. Implement Key Recovery Attack for 10-Rounds AES
  6. Implement DROWN Attack
  1. Visualize the Off-the-Record (OTR) Messenger Protocol
  2. Visualize the Crypto Protocol of the Messenger Signal (Axolotl Ratchet)
  1. Machine Learning and Cryptology: Implement Analysis of Ciphers with Neural Networks or Artificial Intelligence
  1. Align Factorization Algorithms/Methods already existing in CT2 [currently under construction]
    • Current state:
      • Factorizer component (only brute-force, works)
      • Quadratic Sieve component (GUI is well made; made by Rech; uses msieve as library, works)
      • NFS Factorizer component (Inigo started to build it; uses yafu, partially works)
      • General Number Field Sieve component (built by Rech, uses msieve.exe, partially works)
      • --> Goal: ONE component (called Factorizer) that contains all methods (components) mentioned above
  2. Distributed Factorization using CrypCloud
  3. Implement Visualization of "Biased Primes"
  1. Achievement System for CT2
    • Based on tasks users have to fulfill
    • Achievement points are awarded to them
    • Create a global best list
    • Example: Achievement system in World of Warcraft
  1. A Generic Heuristic Analyzer for Classic Algorithms (like the KeySearcher)
  2. Distributed Cryptanalysis of the Enigma Machine using CrypCloud
  1. Cipher Builder
    • Create a component which allows to build modern ciphers out of standard components (like S-box, permutation); this could, for instance, visualize Feistel networks, etc
  1. Implement all major algorithms on permutations in CT2. See 1 and 2. This discusses the six major types of combinatorial collections with examples and formulas for counting. Expands with a C# generics-based set of classes for enumerating each meta-collection.
  2. Any hash function from SHA-3 contest, for the weak ones preferably with an attack sample (overview) -- e.g. MD6 implementation (Spec)

  1. Implement the current status of cryptanalysis against hash algorithms. Show the effectiveness against reduced algorithms (explain collision resistance, 1st and 2nd pre-image)
  1. Visualize hash functions (e.g. SHA1) in a modern way (not only the sensitivity and changes at the resulting hash value, but all changed bits after each step or round). See here
  1. Cryptanalysis of the Turning Grille (done in JCT)

  1. Straddling Checkerboard, Ché Guevara, Boconian and their according cryptanalysis
  1. Implement the full cryptanalysis toolbox used to crack Simon Singh's contest. See How We Cracked the Code Book Ciphers by Fredrik Almgren, Gunnar Andersson, Torbjörn Granlund, Lars Ivansson, Staffan Ulfberg
  2. Visualize different Steganography methods steganography. (Example)
  1. Implement Current Real Cryptanalytical Successes like RFID, WLAN, MiFare, Crypto1, A5/1
    • For more details on the cryptoanalytical successes read the proceedings of current conferences, e.g. see here.
  2. Identity-based Encryption (IBE) according to C. Cocks Based on Quadratic Residues
    • Implement and analyze
  3. NTRU: implement and analyze
  1. McElice: implement and analyze
  2. Import and Export Cryptographic Keys in PKCS#8 and X.509 formats, see also
  3. Describe and characterize the variants of cryptographic signatures and implement/visualize/document some of the them, like blind signatures. An extension could be to implement applications like electronic cash and voting systems to describe and implement them from a cryptanalytic perspective.
  1. Cracking the encryption in the VIM editor when the message: "Using a weak encryption method". ###################################### 'cryptmethod' 'cm' (default "zip")

Method used for encryption when the buffer is written to a file:

zip PkZip compatible method. A weak kind of encryption.

Backwards compatible with Vim 7.2 and older.

blowfish Blowfish method. Medium strong encryption but it has

an implementation flaw. Requires Vim 7.3 or later, files can NOT be read by Vim 7.2 and older. This adds a "seed" to the file, every time you write the file the encrypted bytes will be different.

blowfish2 Blowfish method. Medium strong encryption. Requires

Vim 7.4.401 or later, files can NOT be read by Vim 7.3 and older. This adds a "seed" to the file, every time you write the file the encrypted bytes will be different. The whole undo file is encrypted, not just the pieces of text.

When reading an encrypted file 'cryptmethod' will be set automatically to the detected method of the file being read. Thus if you write it without changing 'cryptmethod' the same method will be used.

When setting the global value to an empty string, it will end up with the value "zip". When setting the local value to an empty string the buffer will use the global value.


  1. PreImage Attacks on arbitrary hash functions
    • brute-force
    • dictionary (rule-based)
    • inspired by "John the Ripper"
  1. Investigate the robustness of primality tests using
  1. Fried, Gaudry, Heninger und Thomé: "A kilobit hidden SNFS discrete logarithm computation"
  1. Steven Galbraith, Jake Massimo und Kenneth G. Paterson: "Safety in Numbers: On the Need for Robust Diffie-Hellman Parameter Validation"
  1. ROCA
  1. Cayley-Purser-Algorithmus und seine Anlyse implementieren
  • that was briefly discussed in 1999 as an RSA alternative
  1. Daniel Shumow: Incorrectly Generated RSA Keys: How To Recover Lost Plaintexts
  1. We are always happy to get further suggestions (maybe from your own research).


  1. Morse Code Audio Decoder: in the existing morse code component, create an input for audio data that converts morse sounds back to digital data
  2. Multiplex cipher: merge Cylinder Cipher component and M-138 component and create a common Multiplex Cipher component (including M-94, Bazerie, and M-138)
  3. HexEditor (#11)
  4. TextEditor (add syntax highlighting to TextInput and TextOutput) (AvalonEdit)
  5. Enhance the frequency test with a tabular presentation (similar to CT1) and a comparative feature: two text-inputs should be compared, the primary one is displayed as a chart, and the color of each bar is green if it matches the second input and red if not (and the entire color-span inbetween for matching values from good to bad). In case no secondary input is provided, standard english or german should be used for comparision
  6. Fuzzy string search (Example, Wikipedia)
  7. Enhance existing WordPatterns plugin
    • multiple word search with one TextInput (split words at whitespace)
    • enter max match number
    • enter pattern in number format (like 1-2-2-1)
    • add filter function (see Borland C++ tool)
    • save last input words and propose them to user
    • improve performance
    • support wildcard (*)
  8. Statistical tests for randomness (see NIST), maybe a new random number generator (see existing one first), see also 1, 2, 3, 4, 5, 6, 7
    • partially done
  9. Man-in-the-Middle-Plugin to modify traversing data
    • visualize Diffie-Hellman protocol with MitM
    • see existing BB84 template with eavesdropper
  10. Extend StringOperations component with annagramming function
    • could be used for manual attacking transposition ciphers
    • Input string is annagrammed and all resulting annagrams are outputted as String[]
    • good introduction task for new students/workers on CT2
  11. Implement special crypto algorithms/methods/protocols

Finished tasks

  1. ArrayIndexer (retrieve one object via numeric index from an array): Christian Arnold, Uni Due
  2. LengthOf (get length of string or array): Christian Arnold, Uni Due
  3. Check whether the plugin templates work: Matthäus Wander, Uni Due
  4. Create plugin similar to Substring (or enhance Substring) which cuts CryptoolStream and/or byte[] (see CRC32-sample for usage scenario): CT2 Team Transposition, Uni Due
  5. Create ButtonTrigger plugin which fires a bool output when user clicks a buttonj: CT2 Team Transposition, Uni Due
  6. Create regular expression plugin(s), for example match and replace (see System.Text.RegularExpressions): CT2 Team Transposition, Uni Due
  7. Combine Stream/String converters (add byte[] type): CT2 Team Distributed Cryptanalysis, Uni Due
  8. Create all cost functions used in enigma as plugins (i.e. entropy, log2-trigrams..): CT2 Teams Distributed Cryptanalysis & Transposition, Uni Due
  9. MD5 collider: Holger Pretzsch, Uni Due
  10. Nihilist: Fabian Enkler
  11. Vigenère-Autokey: Dennis Nolte, Uni Due
  12. Concept for (semi-)automatic plugin testing: Matthäus Wander, Uni Due
  13. Network sniffer (#32): Matthäus Wander, Uni Due
  14. Full Internationalization / Localization (#127): Sven Rech, Armin Krauss
  15. Lorenz SZ42 encryption: Implement and analyze. Integrate in CT2 a C# version of the ADA code of the winner from here. Assigned to: Wilmer Daza
  16. Visualization and advanced cryptanalysis of Enigma: Julian Weyers
  17. Implement a Navajo-Code component: This is basically a substitution component wich substitutes words from English with the corresponding Navajo words. For words which are not in the Navajo-Dictionary use spelling, i.e. substitute each letter with the corresponding Navajo-codeword. Additionally, the component should also try to parse Navajo-code language and translate back to English. See Navajo-Code Talker's dictionary for more details. - done by A. Wacker, Uni Kassel with the substitution component and a navajo codebook
  18. Implement a Morse-code component: translate letters forth and back to morse code: Nils Kopal, Uni Kassel
  19. SIGABA encryption, visualization and cryptanalysis: Julian Weyers, Uni Due (not in the nightly build since quality assurance has to be done)
  20. Diffie-Hellman visualization and analysis components.
  21. Create new monoalphabetic analysis (current one needs to be revised or rewritten from scratch). Should support any alphabet, e.g. [A-Z] or [A-Z0-9]
  22. Measure password strength
  23. Bar Code and Matrix Codes: implement and visualize them. Also analyze scanned bar codes. (implemented in Visual Encoder/Visual Decoder)
  24. ... and many more